I'm a technology, privacy, and information security reporter and most recently the author of the book This Machine Kills Secrets, a chronicle of the history and future of information leaks, from the Pentagon Papers to WikiLeaks and beyond.
I've covered the hacker beat for Forbes since 2007, with frequent detours into digital miscellanea like switches, servers, supercomputers, search, e-books, online censorship, robots, and China. My favorite stories are the ones where non-fiction resembles science fiction. My favorite sources usually have the word "research" in their titles.
Since I joined Forbes, this job has taken me from an autonomous car race in the California desert all the way to Beijing, where I wrote the first English-language cover story on the Chinese search billionaire Robin Li for Forbes Asia. Black hats, white hats, cyborgs, cyberspies, idiot savants and even CEOs are welcome to email me at agreenberg (at) forbes.com. My PGP public key can be found here.

Apple Is Beta-Testing An Update That Kills Evasi0n Jailbreak

Late last week Apple released a beta update for iOS to developers that prevents the use of the popular jailbreak software evasi0n, according to David Wang, one of evasi0n’s creators, who tested the patch over the weekend.

Wang tells me that he’s analyzed the 6.1.3 beta 2 update and found that it patches at least one of the five bugs the jailbreak exploits, namely a flaw in the operating system’s time zone settings. The beta update likely signals the end of using evasi0n to hack new or updated devices once the update is released to users, says Wang, who adds that he’s still testing the patch to see which other vulnerabilities exploited by the jailbreak might no longer exist in the new operating system.

“If one of the vulnerabilities doesn’t work, evasi0n doesn’t work,” he says. “We could replace that part with a different vulnerability, but [Apple] will probably fix most if not all of the bugs we’ve used when 6.1.3 comes out.”

That impending patch doesn’t mean evasi0n’s time is up, says Wang. Judging by Apple’s usual schedule of releasing beta updates to users, he predicts that it may take as long as another month before the patch is widely released.

Despite that frenzy, Apple has hardly scrambled to stop the jailbreaking. Evasi0n has already gone unpatched for three weeks. That’s far longer, for instance, than the nine days it took Apple to release a fix for Jailbreakme 3.0, the jailbreak tool released in the summer of 2011 for the iPhone 4, which was by some measures the last jailbreak to approach Evasi0n’s popularity.

Apple’s slow response to Evasi0n is explained in part by the relatively low security risk that the tool poses. Unlike Jailbreakme, which allowed users to merely visit a website and have their device’s restrictions instantly broken, Evasi0n requires users to plug their gadget into a PC with a USB cable. That cable setup makes it far tougher for malicious hackers to borrow Evasi0n’s tricks to remotely install malware on a user’s phone or tablet.

Security researchers have nonetheless pointed out that Evasi0n could give criminals or spies some nasty ideas. The tool uses five distinct bugs in iOS, all of which might be appropriated and combined with other techniques for malicious ends. And F-Secure researcher Mikko Hypponen points out that if a hacker used a Mac or Windows exploit to compromise a user’s PC, he or she could simply wait for the target to plug in an iPhone or iPad and use evasi0n to take over that device as well.

More likely, perhaps, is a scenario described by German iPhone security researcher Stefan Esser. He argues that a hacker could use a secret exploit to gain access to an iPhone or iPad and then install evasi0n, using the jailbreaking tool to hide his or her tracks and keep the secret exploit technique undiscovered by Apple and unpatched. “That way they protect their investment and leave no exploit code that could be analyzed for origin,” Esser wrote on Twitter.

But then again, Wang says he hasn’t yet been able to check Apple’s patch for every bug it might fix, either the ones evasi0n employs or those he and his fellow hackers had hoped to keep secret for their next jailbreak. “If they patch most of the bugs,” Wang says, “then we’re starting from scratch.”

Comments

I have to humor myself with all the isheep that want to jailbreak their phones. I did it for 4 yrs, and since switching to a Galaxy S3 with Android, I can now see how stupid it was. Just throw the POS iPhone away and get an Android, and you’ll look back and see just how ridiculous it is and just how naive you were to own an iPhone. A good Android phone is still way better than any jailbroken iPhone!! I was one of the silly folks that thought Apple was truly the best phone and after 4 yrs of using it, was skeptical in switching, but after switching, there is no way in the hot place I could go back to such a primitive smart phone! Once you leave Apple you can then see with a clearer perspective on the quality and lack of creativity that Apple offers in the cell phone industry. I can now laugh at the stupidity of Apple owners! Regardless of what Apple wants you to think, it’s not the cool thing to have anymore! Their stock is in a nose dive, only carried 30% of market share in 4th qt, compared to 70 for Android, big cutback on production of their love child the iPhone 5, someday maybe Apple will get a new vision…called “quit being so arrogant and listen to your customers and what they want”!!

You still need to root your Android to do what you want with it. It’s a myth that you can do everything you want right out of the box. As a proud owner of both a rooted Galaxy and a jailbroken iPad, I can safely say that you can do a lot more with the jailbroken iPad. Sorry.

As a proud owner of a rooted Galaxy Nexus, jailbroken iPad (wife’s) and jailbroken iPhone (daughter’s), I can safely say that you are full of it. Fundamentally, unrooted/jailbroken, both platforms can pretty much do the same exact things out of the box. Apps exist on both platforms for everything. But an unrooted Android phone can easily tether, has desktop widgets, customizable lock screen widgets, rich (read functional) notifications, use custom homescreen/launcher apps, and so much more than iOS devices can do. The list is long. And like I said, this is all without root. To do these things on an iOS device, you must jailbreak. So no, you DON’T need to “root your android to do what you want with it”. 100% false. Now add root into the equation, and the amount of things that you can do on your Android that iOS (even jailbroken) can’t do goes up exponentially. Ever heard of custom ROMs? Try doing that with iOS. Good luck. How’s that foot taste? So you’re wrong. Sorry.

After using Android and Galaxy S phones, I switched to iPhone and will never go back. Android is a 24/7 science experiment just to keep it running properly. There’s no such thing as a “good android phone”. They’re all buggy in my experience.

I have been jailbreaking my “i” devices for 4+ years now because (strictly in my opinion) the limitations make them useless. Moreover, they always inevitably inflict damage to my nervous system. E.g. my $20 USB stick can use any computer in town to get a movie on it. My iPad Retina 64GB cannot. Sorry, just one iPad per one computer. OK, I still have a fantastic custom 4.1 Ghz 24Gb RAM desktop machine. Very intransferable though, so I was assuming a portable device in the 21st century could handle easy tasks which Windows 95 was performing ages ago using external data storage. Again, no. Doesn’t support SD cards. Now copying files from-to a device is killing me badly. No file system, no folders, nothing. At a $1000 device. Next: customization for your needs. It’s a story of its own. Just non-existent. Still, it can change wallpapers (say hello to Win 3.1). The list of those faults is very long so the first thing I’m always doing after installing a new iOS is jailbreaking. Never missed it, since day 1. A couple years ago, though, I got a very new (then) Galaxy S. Never got an iPhone ever since. The latest Galaxy Note 2 I’ve bought for my wife recently is brilliant. Customized it from head to toe – 3D screens, huge icons, widgets, weather, calendar, all major video formats, great Google support and sync, excellent screen, very transparent file system. So clean and fast and almost 2 days on a single charge. Very impressive, trust me. Also, got my hands on a latest Samsung 10.1 tab (64gb + 32 gb card) – it’s great, also customized it to death strictly for myself – near perfect with very minor faults. My empty jailbroken iPad 64 is sitting right now next to me awaiting almost non-existent customization. Would just sell it or trade in for Android immediately but I cannot – it’s a gift (( Glass and steel? Pleasant touch? Prestige? Apple logo on a back? Don’t care. Gadgets’ primary goal is usability. First things first.

Awesome post. As a jailbreaker myself ( fortunately on iOS 5 with iPhone 4 so this does not apply to me) but this could take a while for those that update to this new iOS once it is out for a jailbreak to get to them. evasi0n took a while, and they might have to start from scratch after this. Thanks for posting.

Please take a minute of your time and check out my Tech Blog- Tech Fate at this URL- http://techfate.blogspot.com

First of all, to Taz Devil. Apple still dominates the smartphone market because they control the device, iOS, content and software that go on their 450,000,000 million iDevices sold. You speak like Android is a device when it’s just a licensed mobile OS. That’s why iDevices have faster benchmarks in performance and less bugs. The hardware and software were developed under one roof which is the opposite of Android which pimps out its OS to any manufacturer that will sign on the dotted line. As far as Apple’s business. Let’s talk about the 21,000,000,000 (that’s billion) songs sold through iTunes the past 10 years. Believe it or not, Apple saved the music business. And everyone’s stock falls when you reach the levels that Apple’s stocks have reached. The company has more market value than Microsoft and Google combined. Even though the stock has dropped 30% recently, investors still are up 39% for the year compared with 9% for Google. Far from a nose-dive. So please don’t be so ignorant to believe that Apple’s business model is somehow failing. With that said, my iPhone 5 out-the-box sucks. Performance wise it’s flawless, just boring. Jailbroken it’s all the phone I need and more. My friend has a Galaxy Note 2 and flaunts his screen and its many features. I have to admit, I like the one feature where you can have apps open simultaneously on the same screen (Cydia tweak allows us to do the same). Call me old fashioned but I still like a phone I can put up to my ear and in my shirt or pants pocket. The Galaxy Note is just stupid big for a phone. Everything these companies create is to out-do the iPhone and you people run and buy it so you can call us iSheep or Fanboys and run around with your obnoxiously huge phone in your hand…lol. It’s sad if it wasn’t so funny. We buy iDevices because of the design and performance. Now when I pull out my jailbroken iPad 4 with retina display, suddenly my friend’s Galaxy isn’t much of a tablet anymore. I like my phone and tablet.
I’ll leave the “phablets” to those trying hard to be better than us.

Dear sir, there are 2 major ways to provide a basis for your statements: 1. You say “In my opinion” or (preferably) “From my experience”. 2. You provide data and source. E.g.: According to Cnet and TechCrunch, iOS and Android sales in US have approximate 50/50 split for the ending months of 2012 and beginning of 2013 (data provided by Kantar Worldpanel ComTech – Android, Kantar says, took 49.4 percent of smartphone sales, a growth of 6.4 percentage points over the same period last year. Apple’s 45.9 percent of sales was 4.7 percentage points down one year ago. It sources these numbers by extrapolating from data collected from 240,000 consumers annually.) Your statement: “Thats why iDevices have faster benchmarks in performance and less bugs.” According to who? What type of benchmarks? Tablets or smartphones? Was it in 2010 when Samsung was manufacturing A4 processors for Apple or when? Less bugs than what? etc. You don’t have data? Just say “in my opinion”, that’s fine with us. “My friend has” just isn’t enough. Let us talk to your friend then. You just keep laughing.

I used to have a jailbroken iPod Touch, but now I’m on an iPhone 5. Works fine, no complaints.

With the jailbroken iPod, some apps didn’t work right, they didn’t like it. I tried different types, Redsn0w being one of them, and Spotify would freeze randomly. Yes I could get any app for free, but wasn’t worth it because cracked apps didn’t work as well. It’s better to be legit and buy apps, nothing more to it.

I would’ve gone with Android but the devels of an app I use refuse to make an Android version. I had no choice.

If you take away my jailbreak then I want the abilities it gives me built in. I like to have the HTC weather as my lock screen and choose different themes as I want. Also the ability to tether without carrier charging me an arm and a leg. I don’t tether often but it’s nice when I travel to see relatives who don’t have internet I can still use my iPad tethered to my iPhone. And when we are driving I can stream video from home to my daughter’s iPad. I like to jailbreak, it’s nice to be able to change things around a little. Gosh, Apple till iOS 5 couldn’t even let you change the background. And no, I hate Android. They copied Apple rather than do their own thing. EULAs have been ruled before as non binding. Adobe v Softman is one that comes to mind. And I don’t care what any EULA says, I bought the phone, it’s mine, I own it, I’m not renting it, I can do what I want with it. Read more at http://macdailynews.com/2013/02/25/apple-beta-testing-ios-update-that-kills-evasi0n-jailbreak/#5RJC8Q36ShdvCD2P.99